Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Brock Tellier writes "The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false. According to a recent security report about Logitech wireless mice and keyboards, an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary." Scary indeed! Having just purchased one of these, and finding them immensely conveinient such news is disheartening. Are there easy ways in which Logitech might be able harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.

"moving up a bit... left click... moving right a bit... moving down a bit.... right click... moving left a lot and up a bit. silence... moving down a lot, a little to the left... right click... moving up a bit...."

Lots of people don't understand these things, and tend to get mislead by bad marketing.

For example, there's an outfit which sells set top boxes for digital TV called Open; these boxes are used by outfits in the UK to provide their "like the Internet, only a not" offerings. Including Internet banking with a number of the UK's leading online banks.

Customers are assured that Open use s00per-s3kr3t encryption between the set top box and the host system to secure your banking experiance, which is true. What Open don't tell consumers is that their IR controller/keyboards run with no encryption and have a 50 foot range, so anyone with an IR reciever and a little work could be merrily sniff you logins, passwords, and so forth.

Oops.

There's a lot of work to be done on educating Joe and Jane Average about these things.

It's amazing how many ways the Honda Civic could have been done right, but is still wrong. For instance, the car could have 2 inch steel armour completely encasing the body, bulletproof glass, solid rubber run-flat tires, and a 500 HP engine and high-performance suspension to compensate for the increased weight. Or they could have added a jet-assisted thrust system to allow drivers to escape dangerous situations at 300 MPH. Or they could have outfitted the car with wings, so that it could simply fly away from would-be attackers.

But no, Honda had to make something that "works" but gives people no security.

one easy way to make a pretty secure connection would be to make little enigma-esque scrambler wheels on the keyboard and base station. since the number of intercepted characters is probably low, your key length doesn't have to be outrageous to provide some security.

There is really no big difference between sniffing a telnet session with bpf and sniffing
an optical or radio connected mouse or keyboard.

One solution for the telnet case was the use of encrypted channels, via the secure socket layer (SSL) and a changed protocol/tool (ssh).

It is obvious that a similiar method has to
be used for the mouse/keyboard case.

Logitech could have put in good encryption, and talked up the weakness of their competitors. One press release per weak about how your competitors are betraying the public can drum up a lot of business.

Are there any competitors in that space (RF keyboards)? I'm not exactly in the market for a wireless keyboard, and if I were it's likely that IR would do it for me.

Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed... (and no, not everything does, but it happens enough that I expect lots of folks have that impression)

Wrong. Lots of work has been done to stuff good encryption in tiny CPUs. Think smart cards. In particular, ciphers that use multiple LFSRs require miniscule amounts of silicon.

Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs. I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

WEP was designed by a microcephalic crack-smoking monkey.

And you think Logitech has a shortage of crack smoking monkeys?

It is poor entirely because it's designers had essentially no understanding of cryptosystem design, and they didn't bother to have it reviewed by experts.

The documents were out for public and private review for many many months. Experts did have at it. It at least got changed from a clearly worthless 4-bit key to something that looks valuable (but isn't).

It's amazing how many ways this could have been done right, and it is still wrong.

Not really. Anything that increases the cost has to increase sales. Will the lack of a checkbox that says "uses random crypto thingie so it must be safe" lose some sales? Maybe. Some people clearly wouldn't buy it because of that. Then again some people would see that and be reminded that it is a problem, and not want it. Some people will see it and demand that they know how it works so they can be convinced it is secure. And above all, it is going to drive prices up. You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.

Plus it is hard to imagine anything simple that works out of the box, unless you key the base station to the keyboard from the factory. Otherwise you could have a man in the middle attack (which would be harder then the existing attack, but still...)

I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!

First off this is *news*? Did anyone expect a wireless mouse or kb to encrypt? While it's likely possible to do some sort of encryption between the transmitter & the reciever I don't see how keys would easily be synchronized.

Furthermore devices like this invariably end up stepping on each other's toes. They're fine if you're the only user in the building but when the secretary upstairs gets one you end up getting who-gets-the-bandwidth glitches or worse yet finding thier mousing on your screen (or "Iieeeeyyhahh - my cursor is posessed!")

Of course one key thing to ask yourself is if you care that someone could decode your mouse or kb.

In the office as I noted these things are of limited utility, at least if you're in a geek-dense area. At home the question is how many folks are in range and how many could possibly care.

In my neighborhood the average age is 60-something and of a definite non-technical bent. Frankly I doubt there's so much as an active ham in the neighborhood much less anyone with enough geek-tendencies to scan, identify, then decode my mouse or keyboard.

The same with the odds of there being another comperable device - I can count the cable-modem users by looking at the wires and there are 4 of us in two blocks (and from sniffing I know I'm 90% of the traffic.)

Yeah unsecured wireless devices aren't a good thing to use in a secure environment, but again, that's *news?

Maximum PC had an article about PC Pranks last week. And they drove one editor nuts by hooking a cordless mouse to his system as the primary pointing device, and driving his machine from across the room.

Fortunately, Open is such a lame service that not many people will use it. The shopping sites are a small subset of what you can find on the Net, and you have to go online continually just to compose an email.

Most amusingly, the IR-based protocol between keyboard and set top box has no error recovery, so it's very easy to just type too fast and have it *lose characters*. Brilliant engineering...

If you buy peripherals that broadcast their data through the air, what the hell do you expect?! We take it as a given that true security with 802.11b even using encryption is an iffy thing, despite using pretty heavy duty hardware, and yet we're floored when a cheap input device with nary more horsepower than a CD player is insecure? Perhaps we should come up with a public key protocol for mice and keyboards? Given the required horsepower, we could then also use them as co-processors, offloading all those Quake computations on the mouse and keyboard. Hmm...

Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.

Good idea. I'll zap off right now and get this new keyboard off my IIS E-Commerce server. I sure wouldn't want my customers credit cards to get stolen because of some deviant sitting outside my office and sniffing me.

"Logitech had to do something that "works" but gives people zero privacy and no security"

Yes, and they did exactly the right thing. Their "job" is to produce products that do what they claim to do and sell them at a price people will pay. They never claim these products are secure in any way. As the above post says, if you bought this product *assuming* it's secure, you're a dumbass and you deserve whatever you get.

It's not "unplugged from the Internet", it's "unplugged". As in unpowered.

Even then, you are not totally safe. The contents of your RAM are often valid for several seconds to several minutes after you power off. With lower temperatures this can be up to hours. This must be taken into account with high security applications where physical access is possible. For example, tamper-detection circuits must erase RAM as well as EEPROMs when intrusion is detected.

Since PCs don't clear out memory before they power off, your passwords and encryption keys could possibly be stolen from RAM even with the best security precautions taken. Mind you, I haven't heard of anyone actually using this technique, just that it's a possibility.

Really, alot of things are insecure but after trying to be security consious you can't secure everything in the world. Is it even worth it in the hopes that one time you could get something interesting? There are easier ways of getting personnal information.

For example, I could break-in and install a camera pointed right at your monitor/keyboard. Does this justify turning your desk 90degrees every hour?

This isn't van eck-ing, as the keyboard is BROADCASTING a signal that is MEANT to be picked up. This makes it orders of magnitude easier to pick up, as it is designed to stand out from the noise.

On the other hand, completely passive van eck setups need to do alot of work separating the signal they are interested in from the background noise.

On a completely different note: those concerned about password security can move to a face-recognition login setup, which would require the attacker to capture the screen in order to compromise security,

I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole...

...and yet you bought it. Yep. You shilled out $60 - $80 of your hard - earned cash for something that you admit was worthless. You're the kind of consumer we love.

Really, I can understand how scary monitoring keyboards can be... but what's so important about mice that we have to worry? When was the last time we used mice as independant input devices? Are we afraid that people will learn what spells we're casting in Black and White?

Alright... removing my tongue firmly from cheek, I will point out that some people a few years ago came up with an interesting password scheme where you could insert mouse movements into your password. IE, you would type a few character, click a mouse button, and then continue the rest of the password, and the mouse click would be considered one of the characters. It's a very novel approach to password protection, and perhaps one of the few places where mice monitoring would pose a genuine security risk.

You can sniff Monitors from up to 1000 yards away (often through most kinds of walls) with highly sensitive (an perfectly aimed) tranceivers. The tranceivers pick up the monitor radiation from the tube gun and can basically aquire and reproduce its input signal.

<basic economics>
a store's prices are based largely (but not solely) on their own costs. if a stereo costs them $200, and they can sell it for $400 they make a nice $200 profit. but what if that stereo now effectively costs them $300 because for every 3 stereos they sell, one of them is credit fraud and they have to eat the cost? they would have to raise the price to $500 to make the same $200 profit.

the reason they can't raise the price to, say, $900 and make a $600 profit, is that the guy down the street is selling them for $500 too, and everyone would just buy them there. or, if everyone was charging $900, people would just say "fuck it, i don't need that stereo that much" and not buy one.
</basic economics>

The CIA can already sniff your keyboard and mouse movements, wireless or not. It's called Tempest. It was mentioned briefly in Rainbow 6; Jack Ryan has a computer which he refers to as "Tempested" which I took to mean resistant to Tempest sniffing. The CIA did a short demonstration with a computer bigwig (I forget who) where they showed this technology off a year or so -- they were able to sniff a login/pw from a family computer from about a block away.

I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the attenna

Good point. We must all be careful not to let anyone with any homebrew Van Eck gear within a few feet of our Commodore Pets!

But for any real Van Eck threat, my point stands. You lose 6 dB of signal every time the distance doubles, which will easily cost you an additional 6 dB of money and effort each time.:-) By the time you're sitting in a van on the street outside, you're looking at NSA-style budgets.

At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry

Again, if the people after your data are capable of pulling off this sort of thing, you might as well tie a white rag to the end of a stick and surrender peacefully.

No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests. (And how many servers display passwords on the screen when you log onto them?)

Wireless keyboard sniffing is MUCH cheaper and MUCH more damaging than TEMPEST vulnerabilities could ever be.

Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.

Utter bullshit. Put the cheapest possible one-wire jack on the keyboard, and on the dongle ($0.15 X 2). Supply a one-wire cable ($0.15) to go between them. When a special key combination is pressed ($0.00) the keyboard selects a new encryption key and transmits ($0.10) it down the wire. Use a high-edge-rate signal so you can use a capacitive return and only need one wire. Receive the key ($0.10) on the dongle and store it. The encryption algorithm can be something like Blowfish (IIRC it fits nicely in even limited microcontrollers and wouldn't add much cost, if any). The cable would only need to be connected during initial key setup. Total cost: $0.65, and my price estimates are extremely pessimistic. They're probably doing custom silicon anyway, where these functions could have been trivially implemented.

If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.

Again, utter bullshit. Once a large segment of an urban population installs a security hazard, it becomes cost effective to build snooping stations and collect passwords and credit card numbers. 25,000 yuppies checking their stocks and buying things over the Internet is an *awesome* target.

But for any real Van Eck threat, my point stands. You lose 6 dB of signal every time the distance doubles, which will easily cost you an additional 6 dB of money and effort each time.:-) By the time you're sitting in a van on the street outside, you're looking at NSA-style budgets.

It's only expensive if you use MIL-SPEC equipment designed by gov't contractors. Switch to ham radio equipment, a commercial digital o'scope board, and homebrew, and it's a few thousand dollars tops. I.e., within the budget of anybody who wants to take the time to do it. Think Pinkertons. Think Church of Scientology. Think drug dealers. Think credit card fraud rings.

I haven't actually seen one of these keyboards, but I was thinking of a design that has a small dongle that plugs into the back of the computer with little or no cabling. To get at the contacts, you'd have to turn the machine around and touch a keyboard to it. That's possible, but a real PITA.

As for the iButton/1-wire/MicroLAN stuff from Dallas, I've played with it. They have some really cool devices. Their superfast 8051-compatible microcontrollers are neat too.

Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed...

True. If I were doing it, I'd publish the security info so interested parties could review it for themselves.

Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs.

I don't know either. I would suspect they used one of the many wireless chips that are available, but there is enough profit margin and the market is small enough that they could have rolled their own radios.

I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...

Well, there are the multiple LFSR ciphers which can be implemented in a few hundred transistors. Bluetooth uses this type, precisely because it takes a trivial, albeit custom, amount of silicon to implement. These aren't the greatest ciphers, but they can be decent. Schneier's Twofish cipher was specifically designed to fit into smart cards and uses very few resources [counterpane.com].

You need long term storage to hold the key (FLASH, NVRAM, whatever),...

True. But that wouldn't add much cost, especially if they microcontrollers already include a little EEPROM.

...and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

Battery backed == bad. If it's not EEPROM, I'd say don't bother. As for replacing the cable, it would be a wire with a mini banana plug on each end. The customer could replace it themselves with a piece of 18 AWG solid wire with the insulation stripped off each end. Or you could sell them a replacement (which replacement would have a breathtaking profit margin).

Hmm...I sense a business plan. All these little gizmos, like remote controls, garage door openers, Bluetooth cards and telephones, game controllers, SPIKE gizmos, and so forth have one thing in common: for proper security, they need a hardware key-exchange system. Which means a cable. Which means an enormous business selling cables. Which means that cable companies could give away strong encryption as a loss-leader, and make it up with a captive market for synchonization cables.

Logitech could have put in good encryption, and talked up the weakness of their competitors. One press release per weak about how your competitors are betraying the public can drum up a lot of business.

You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.

Wrong. Lots of work has been done to stuff good encryption in tiny CPUs. Think smart cards. In particular, ciphers that use multiple LFSRs require miniscule amounts of silicon.

Plus it is hard to imagine anything simple that works out of the box...

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!

WEP was designed by a microcephalic crack-smoking monkey. Price had nothing to do with it. It is poor entirely because it's designers had essentially no understanding of cryptosystem design, and they didn't bother to have it reviewed by experts.

Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation.

I suggest you get a book on cryptography, such as _Applied_Cryptography_ by Bruce Schnier. There are many key negotiation protocols, but the most famous is "Diffie-Hellman Key Exchange" which is also the first public key algorithm invented. It is actually quite simple and only takes one round trip of messages (Ian Goldberg came up with a protocol for doing DH key exchange over e-mail.) You start with a Generator, G, and a public key, n. Neither of these are secret. Alice and bob each generate a large nonce, x and y respectively, and do the following:

alice and bob can each generate the secret key because they know either x or y. eve, an evesdropper, cannot generate the secret key because without either x or y, computing the secret key from X and Y alone requires calculating a discrete logarithm, which is a Hard Problem.
This is not intensive calculation by today's standards since my Java ring is powerful enough to do modular exponentiation in a reasonable amount of time, and it is several years old. You are absolutely correct that adding two way communication to a wireless keyboard/mouse would be much more expensive, however.

No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests.

I must say that this is not at all true. I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the attenna. This was at HoHoCon '92. Sure, a PET is quite noisy, the distance was short, and the refresh rates weren't matched, but you could read the computer screen on the TV so it was a powerful demonstration nonetheless. Better equipment and analysis software does improve the effective range of recovery and allows recovery of signals that are more complex than video, but it goes to show that basic techniques are actually quite simple.

(And how many servers display passwords on the screen when you log onto them?)

At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry. Disk controllers, network interfaces, keyboards; pretty much any circuit at all will generate emissions that can be recovered. Bootleg also stressed that information can be recovered from more than just the air. Information goes out through your electrical circuits too, this is why extremely secure facilities generate their own power and do not connect to the grid. Amazingly enough, the pipes in building sprinkler systems act as antennas and information can be recovered from the plumbing exiting the building. Information can even be recovered from the ground!

I must first admit that i am unaware of the design of these keyboards but i assume there is only a few channels they operate on. All you would really need to "sniff" these devices would be another reciever device of the same type set to the same channel. Once you have the channel figured out the second device, attached to a second PC, should display what was being typped on the original? This is the way the old RF keyboards sold with the Gateway 2000 Destination series of computers worked. We purchased a few of these where i work and i used to love to annoy people by setting a second mouse to the same channel they used, then in the middle of a presentation start moving their mouse around on them.

If you are security conscious and bought a wireless keyboard, you deserve to have your head examined. If it didn't say "Strong Encryption" or mention some other form of security on the box, you didn't honestly think it was secure did you? Even IR keyboards can be "sniffed", although not nearly as easily.

"The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.

Actually, I think the qoute is "The only secure computer is one unplugged from the internet, power, monitor, keyboard & mouse, shoved into a crate, pour cement into the crate, nail it shut, wrap it in chains, place in a larger crate, pour more cement into that, then bury it 50' underground."

The credit card system is in shambles. If it was designed properly we wouldnt have to subsidize billion of dollars of theft via higher prices at the store.

This country is becoming increasingly dependant upon computers, and as it does so you will become even more vulnerable to electronic fraud and surveillance.

It may have been easy for you to show that you obviously didnt make those charges on you credit card bill, but do you want to have to explain that you didnt request that $20,000 online "cash" advance next time, that was promptly "lost" at some ecasino?

Basic common sense security is something you should consider.
One day, your attitude may come back and bite you.

Can't remember any links now, but in a lecture by Duncan Campbell he mentioned a new method by which the lower-frequency electromagnetic radiation (i.e. not light) from CRTs and even LCDs can be monitored from behind walls, and most of the information can be retrieved.

Warning! If you work with secure data on a computer, and there is a wire spliced onto your keyboard wire in an unusual way and the wire goes into a hidden corridor, out the window, or far from site, someone might be sniffing your data!!

Actually, it's not terribly difficult to get data from a wired keyboard at a reasonable range. They run at a low data rate and leak a fair amount of RF. You can demonstrate this by holding an inductive probe near one and pressing different keys - they all make different tones.

I've go one of these sets and I'm lucky if I can use the keyboard / mouse 10 Ft away from the PC. Whoever discovered a way to sniff the things 100's of feet away, can you please get in touch with Logitech so they can get more range on their own product.

A few years ago my brother, another geek, emailed me a challenge to see which of us was laziest. He said he would put off all his work till the last minute and not clean up his house or run and play with the kids for a full week.

The only system which is truly secure is one which is
switched off and unplugged, locked in a titanium lined
safe, buried in a concrete bunker, and surrounded by
nerve gas and very highly paid guards.
Even then, I wouldn't stake my life on it.
(Gene Spafford)

I think switched off also includes the removal of the batteries from the mouse and keyboard.

I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole...

"A door is what a dog is perpetually on the wrong side of" - Ogden Nash

Actual Tempest is the name of a room designed to thwart electronic spying. Usually used in the sense of "tempest room". It basically is a room which is a gaussian sphere, i.e. all metal, including metal contacts around the perimeter of the door. You can't scan wired keyboards and mice. You can however scan RF transmitting devices such as monitors. It is quite easy to sync a signal from a monitor from quite some distance away and literally be able to see what the user is displaying on their screen. So the defense industry uses tempest rooms to shield the electrical transmissions from the computers.

giving the PC side a transmitter - added cost
and the keyboard side a receiver. - added cost
the keyboard could have had a light sensor - added cost; requires keyboard to have line of sight to monitor and obviates much of wireless advantage.
docking/charging stand - added cost; requires regular connections to computer

Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.

If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.

Most of the 27 MHZ frequencies are the same as RC toy cars and boats. Don't use your computer in the same apartment that has kids. You may crash his toy monster truck. Really, many RC toys use transmitters from 100mW to 750mW I think the cordless stuff are on the low end of the power range to save batteries because they are rarely used beyond 100 feet, but the controller for that RC 4 wheeler may jam your keyboard.

I'd never use one of those. I even switched to an HMD to avoid my screen be visible from the next room. I also put my computer into a room 6 meters underground, then sealed the entrance. I bought temperature/moisture/pressure sensors for the floor tiles, removed the air ducts (so there, Mission Impossible!), re-install NetBSD nightly to avoid any files being saved, and put EMF filters on my mouse and keyboard cables. I have my own air generator, and a lifetime supply of Spaghetti-O's.

Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for/. or MP3.Com. Who the h377 cares?

Do you actually think it matters if someone uses your credit card fraudulently? Nope. Happened to me already, before everything was 'e' something. I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.

Life is just one big exercise in risk-management. Learn what things matter, and what things don't. Protect yourself where it matters. Don't bother to wear a flak jacket to the can.

With the limited battery and processing power onboard these keyboards and mice, you can't really expect them to perform much complex encoding and decoding.

That said, some basic protection would be in order. Encryption is difficult when you are talking about a few characters per second, but definitely possible. Tuning each receiver to each device at ship time might also be possible, but could prove not to be cost effective.-------
-- russ

"You want people to think logically? ACK! Turn in your UID, you traitor!"

but seriously speaking. If something is airborne, it CAN be sniffed. If the computer can decipher something which is not directly connected to it, then something else can too.
Sure, you can encrypt the data stream, but encryption isn't full security.

The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.

No it doesn't prove false, you have to use common sense. So you unplugged it from the internet but decided to use a WIRELESS device, especially one that is not built with the intent of being cryptographically secure.

This is purely a stupid post. Releasing data into the airstream obviously makes it more susceptible to sniffers. And it's been known for ages that you can sniff out WIRED keyboards by checking electrmagnetic pulses in the air. Sure it takes very expensive equipment, and you need to be close to the computer, but if that can be done, then why the hell is it surprising that WIRELESS keyboards can be sniffed?

Yes, you can. Mice and keyboards generaly use out dated(cheep) microcontrolers what you do is use an RF reciver to scan in the frq of the controler. From this you can put the key strokes back togather. Most keyboards use just a few controlers and most of them use the same look up tables. With older keyboards you could listen to them from 100's of feet. Now its more like 25-50 feet. I have also worked on forcing RF in to the controler, to make it produce keystrokes didn't work very well but can be done with fairly simple microcontrollers.

Okay, I got all this from an old man who I work with that used to work for the NSA, this is what he says, I dunno if he is nuts or not.....

The CIA has their main building that is built within another building, and between the two buildings... white noise is pumped throughout. There is a good reason for this, *THEY* (NSA, CIA, MIB, Echeleon, whoever you are paranoid against) have the technology to sniff your keystrokes from about 50 yards away, even with your traditional wired keyboard. In some cases they can read even the radiation from your monitor.

I must be a friggin' loser. All you guys are sitting around contemplating the ramifications of this demonstration. Meanwhile, I could only dream that someone would go through this amount of trouble to see what I type.

I can't believe there are so many important people hanging out at Slashdot.;-)

Cellular phones aren't secure. Anyone with a piece of hardware can listen in on your conversations. I know some people with such devices.

"Cordless" telephones are definately not secure. I've listened to other people's conversations because we were on the same channel, accidently, and while I couldn't talk, was very informed on this person's stock portfolio from his conversation with his broker.

Monitor cables, yes, the corded kind, emitt signals that a TEMPEST scanner can reconstruct into an image of your monitor, like a remote wireless VNC termanal that is set to look only.

Why should a wireless mouse and keyboard be any different? They are beaming keystrokes/(X,Y) coordinates into the air the same as those other devices are...why wouldn't a scanner or another receiver be able to pick them up? Anything that travels through the air is unsecure - it should never be assumed otherwise.

So what! Cellphones, cordless telephones, 802.11b, and just about everything else can be "sniffed"! There are a million ways to compromise the security of a PC. If you need maximum security, then don't use cordless mice or keyboards!

Why are people around Slashdot always so worried about this kind of thing?

When cordless phones first became common, many people were surprised to discover that their neighbors were listening in. DUH!!!

When cellular phones came within ordinary peoples' price range, many were surprise to learn that everyone could listen in. DUH!!!

Anything you put on the radio is insecure unless it is heavily encrypted with good control of the keys. Why is that hard to understand?

The wireless keyboard and mouse could be encrypted. In fact from the article it appears that they might be encrypted; there is some sort of negotiation going on at startup, but I don't know whether that is to pick a key or simply to pick a channel. But even if the encryption is good, this live on-the-air key negotiation is a weak point. For instance, you could buy the same model of keyboard and take control after the guy turned on his computer and while he was walking over to the keyboard. Of course, you'd be entering commands blind, but there's always "del *.* (enter) y". Or since there seems to be a short list of built-in keys, you could experiment with a keyboard to find out what they all were, read the key selected from the start-up transmissions, then read out the login and password.

If you want a really secure wireless connection, then you need strong encryption with a unique key that no one else knows. Either you ship keyboard and receiver from the factory as a set (and trust the factory to erase the pre-programmed keys from their records as soon as they are used), or you have a way to temporarily bring the two devices together and connect them by a nearly untappable wire while they figure out a key.

Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation. Don't ask me to explain it. It would require enabling two-way communications, which doubles the cost of the radio circuits, and I suspect it would increase the CPU power required dramatically.

By the way, you don't need much CPU power for good secret-key encryption, you just have to design right. I know of boards that do reasonably secure encryption and only have eight bit CPU's barely more powerful than the one in the original IBM PC keyboard. They have a special (and not too expensive) chip that implements DES, and since the original DES definition used a key that is short enough for brute force attacks nowadays, they run the message through several times with different parts of a long key. It's supposed to be safe enough to carry debit card PIN numbers under the tough European regulations. But we've got to go to nearly absurd lengths to keep that programmed-in key safe: the board is wrapped in a piece of folded paper printed with wiring patterns, then it's all potted (cast) into a block of epoxy mixed with silica grit (sand). If you take the case off, a little switch detects this and the board erases its memory in microseconds. If you somehow get past the switch and drill or cut through the epoxy, besides being darned hard on the drill bit, when you hit that paper wrapper you cut wires and the board erases. If you freeze it to weaken the epoxy and slow down the erase process, the board has a thermistor to detect falling temperatures, and erases. If you try to burn off the epoxy, that paper will go first -- and in some models, there is also a thermistor to detect rising temperatures.

If you could somehow construct a conduit that the signal could use to travel from the mouse or keyboard to the box, perhaps a metal line with some sort of insulation to prevent signal bleed, and electric shocks. Of course these conduits would need to be long enough so that your mouse or keyboard could be operated at a comfortable distance from the machine...

Cliff, stop kidding yourself, very few of us are important enough or have access to data that's important enough that someone would want to bother setting up a snooping station to intercept our userid/pwd.

For those of us who *do* have access to something that's sensitive, they *will* be sitting in that computer room that's disconnected from the net and they'll sure as hell not be using silly gizmos for geeks.

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

You don't need a wire, you only need a set of contacts on the keyboard which match a set on the receiver. Touch the two together, and they sync keys. I could do this trivially with some CMOS-level electronics on the receiver and a static-protected input on the keyboard hooked to an open-drain driver, allowing bidirectional communications. This would also be very easy for consumers to understand ("touch the units together until the keyboard lights flash") and eliminate the need for the sync switches on the two units as well. You want an existence proof that it can be done? Look at the Dallas Semi iButton [ibutton.com].--

It's amazing how many ways this could have been done right, and it is still wrong. For instance, the system could use a Diffie-Hellman key exchange by giving the PC side a transmitter and the keyboard side a receiver. Or the keyboard could have had a light sensor and use flashing patterns on the screen as the data back-channel (you only need it during sync). Or, if the keyboard used rechargable batteries, the key-exchange could be done by hardwired connection while it was on its docking/charging stand.

But no, Logitech had to do something that "works" but gives people zero privacy and no security. I hope this product gets hacked to hell, publicized to the ends of the universe and all products with crappy security get such a black eye in the press and a drubbing in the market that nobody even thinks about trying to sell something like that ever again.--

I would very much like to get rid of wires and use a wireless keyboard. Unfortunately, companies like Logitech don't seem to think consumers care, so they just produce the cheapest possible device, which means little or no security. I called them and they didn't try to hide the fact that their devices aren't secure.

Let's hope that reports like this will create a consumer demand for security and cause lots of complaints to Logitech. So, if you see people use these devices, explain to them that anybody nearby can get their passwords, credit card numbers, and even take control of their computer. I think when properly explained to them, consumers do care.

Wireless keyboards can be made secure for a few more dollars; the company simply needs to care.

Well, a few days ago we've been standing outside, smoking and talking about wireless networking - just the usual fun - while a friend told us a story about the Dresdner Bank [dresdner-bank.com], who had recently installed wireless Logitech mice and keyboards in one (or even more ?) of their subsidiaries here in Berlin/Germany. The reason for that was that they didn't want to drill cabling holes into their brandnew desks and counters !
Our idea was - as a matter of course - to sniff their fingertips and micemoves, and with knowledge of their software's menu and operating structure, to make our red account balance become deep black again.
A few days later we all laughed about the report of a security consultant concerning a German bank, which we first read about here (in German) [heise.de]. They of course didn't mention the bank's name...
Funny that in a highly security sensitive environment like a bank somebody had the funny idea to use wireless keyboards and mice instead of leaving doors and safes wide open...

This idea could make a cool joystick-like device. I'm thinking an ergonomic pistol grip with 4 buttons -- one in each of the finger grooves. A small trackball sits on top and is manipulated with your thumb. Hmm...maybe a wheel mounted on the side.

You'd be surprised how much wiretapping can occur with computer perpherals.
A guy in the research labs in my uni can reconsitute the image from a monitor's radiation at a range of about 20 meters. He says the loss of quality is minimal.
MOst consumer grade products aren't shielded nearly enough, because, obviously, that would drive the price up for a benefit most people wouldn't even be aware of..